Česky (CZK)
Slovensky (EUR)
Austria
Belgium
Bulgaria
Croatia
Denmark
Estonia
Finland
France
Germany
Greece
Hungary
Ireland
Italy
Latvia
Lithuania
Luxembourg
Netherlands
Poland
Portugal
Romania
Slovenia
Spain
SwedenProtection of personal data
This Privacy Policy explains how we process personal data of customers and website visitors when selling goods within the EU. We comply with Regulation (EU) 2016/679 (GDPR) and related regulations.
In case of any discrepancy, our Terms and Conditions and mandatory legal provisions shall prevail.
1. Controller and contact details
The controller is CAD – Czech auto devices s.r.o., Company ID: 07451962, VAT number: CZ07451962, registered office: Nákupní 468/14, 736 01 Havířov, Česká republika. Registered with the Regional Court in Ostrava, Section C, File No. 75844.
Business premises / postal address (dispatch, complaints, returns): Na Kopci 426/1b, 735 64 Havířov – Dolní Suchá, Česká republika
Privacy contact e‑mail: info@auto-majaky.cz
Phone: +420 553 038 925
We have not appointed a Data Protection Officer (not required).
2. What data we process
We process personal data you provide when purchasing, registering, communicating with us, making a complaint or withdrawing from a contract, as well as technical data generated when using the website.
- Identification and contact details (name, e‑mail, phone).
- Delivery and invoicing details (address; for businesses also company name and Company ID/VAT number, if provided).
- Order and payment details (items ordered, price, currency, delivery/payment method, payment reference identifiers).
- Complaint/withdrawal and customer support data (description, communication, protocols).
- Account data (if you create an account).
- Technical data (IP address, device/browser data, cookies and similar identifiers – according to your cookie settings).
3. Purposes and legal bases
We process personal data for the following purposes:
- To conclude and perform the purchase contract (order processing, delivery, communication) – legal basis: performance of a contract / steps prior to entering into a contract.
- To comply with legal obligations (accounting, taxes, document retention, handling complaints) – legal basis: legal obligation.
- Customer support and request handling (complaints, withdrawal, inquiries) – legal basis: performance of a contract and/or legal obligation; where relevant, legitimate interests.
- Protection of our rights, fraud prevention, e‑shop security, debt recovery – legal basis: legitimate interests.
- Marketing communications (newsletter, offers) – legal basis: consent, or legitimate interests within the limits of applicable law (e.g., existing customers), always with an easy opt‑out.
- Product reviews and satisfaction surveys (e.g., review invitations, shop rating services such as Heureka or similar) – legal basis: legitimate interests (service improvement) with an easy opt‑out; or consent if required by a specific service.
- Website analytics and marketing measurement – legal basis: consent (for non‑essential cookies and similar technologies).
4. Recipients and categories of processors
We disclose personal data only to the extent necessary and typically to the following categories:
- Carriers and their local delivery partners in the destination country (sub‑carriers) – for delivery and delivery communication.
- Payment service providers and banks – for processing payments.
- IT, hosting and e‑shop platform providers, e‑mail services and technical support.
- Marketing and analytics providers (only if you consent in cookie settings).
- Review/rating service providers (to the extent necessary to send an invitation and process a review).
- Public authorities, courts and other authorised entities where required by law or necessary to protect our rights.
Where required, we have data processing agreements in place with our processors.
5. Transfers outside the EEA
If we use providers located outside the European Economic Area, personal data may be transferred to third countries. Such transfers are carried out only in compliance with GDPR requirements (e.g., adequacy decisions or Standard Contractual Clauses). A copy of the applicable safeguards is available upon request.
6. Retention periods
We keep data only for as long as necessary for the relevant purpose:
- Orders and related communication: during processing and then for the period necessary to protect our legal claims (typically for limitation periods).
- Accounting and tax documents: for the period required by law (typically at least 10 years).
- Customer account: for the duration of the account; then deletion/anonymisation unless longer retention is required by law or to protect legal claims.
- Marketing communication: until you withdraw consent or object/unsubscribe.
- Cookies: according to your cookie settings and cookie lifetimes (see cookie settings).
7. Cookies and similar technologies
We use cookies and similar technologies. Essential cookies are used to operate the website and cart. Other cookies (analytics/marketing) are used only with your consent, which you can change at any time in “Cookie settings” on the website.
8. Security
We implement appropriate technical and organisational measures to protect personal data (e.g., encrypted transmission, access controls, backups, account security).
9. Your rights
You have the right to access, rectification, erasure, restriction, data portability, to object to processing based on legitimate interests, and to withdraw consent (where applicable).
You can object to marketing at any time — typically via the unsubscribe link in e‑mails or by contacting us by e‑mail.
10. Complaints with a supervisory authority
If you believe that we are processing your data in breach of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement. In the Czech Republic, the supervisory authority is the Office for Personal Data Protection (ÚOOÚ).
11. Obligation to provide data
Providing certain data is necessary to enter into and perform the purchase contract (especially delivery). Without such data, we cannot properly fulfil the order. Some data is also processed to comply with legal obligations (e.g., accounting and tax requirements).
12. Automated processing and profiling
For fraud prevention and e‑shop protection, we may use automated risk assessments. However, we do not carry out solely automated individual decision‑making within the meaning of Article 22 GDPR without human review.
Effective: from 1 January 2026